Category: Mail

Setting up an email server can be a very daunting task when you aren’t too sure about how an email server works. Thankfully there are tools and configurations you can use that will make the job of managing an email server incredibly easy to understand and perform.

For a long time I was creating new Linux OS users to create a new mailbox. The problem here is it meant that only one server could handle a domain. This is when I discovered virtual mailboxes, which allow one single server to handle emails for a large number of different domains. A lot of the tutorials out there will show you how to do this using the default database system that Postfix uses. This is perfectly fine, but it becomes a major chore to manage when you start to get a large number of domains and emails. After some searching I discovered a web application called Postfix Admin. This magic piece of software lets you manage all your domains and mailboxes from your web browser without ever needing to SSH into the server. To make things even better, this will also replace the default Postfix DB with a much more familiar MySQL database. So let's get to it. This guide will explain everything that you need to know about setting up an email server that uses Postfix and Dovecot, with Postfix Admin to manage your server.

Create Mail User

First thing we want to do is create the mail user. This will be a user that has access to manage all of the files and folders that your mail server will need to manage. The following commands will create a user and configure it with the correct permission and UID. This step is very important as all of the config code below is assuming that you are going to be using the same user created below. If you know what you are doing then of course you can change this to whatever you wish.

groupadd vmail -g 2222
useradd vmail -r -g 2222 -u 2222 -d /var/vmail -m -c "mail user"

We now have a user and a group called vmail with the uid and gid of 2222. This is the ID that needs to be used when configuring Postfix and Dovecot.

Install And Configure Postfix

First and most important, install your SMTP server. There are various ways in which you can do this depending on your operating system. To install this on a CentOS/Red Hat OS run the following command.

yum install postfix

Once postfix is installed, navigate to /etc/postfix/main.cf. Open this file and edit the contents to make it look like the following.

One last change to the config files is to the master.cf file. Add or uncomment the following line. There is a good chance the line exists already and it's commented out (has a # at the start). Removing the hash will do.

/etc/postfix/master.cf

submission inet n - n - - smtpd

You have now set up the cf files, but we still have to set up the database. We are going to use MySQL as this allows us to link it in with a web interface and makes life so much easier. If you look at the contents added to the main.cf file you will see references to a bunch of files in an sql folder. All of these files need to be created. If you have downloaded Postfix Admin there will be an sh script that you can run and it will generate all of the files for you. This saves you a lot of trouble as these are annoying to write, but to make sure that this guide covers everything I will show you everything that needs to be added for these files. Before we can do this we need to set up PostfixAdmin, as this will generate the database that you need to use. So let's set up PostfixAdmin.

Install PostfixAdmin

PostfixAdmin is a free web interface that allows you to manage the database that Postfix uses for virtual users. First things first, download and unzip the latest version of the code, which can be found here http://postfixadmin.sourceforge.net/. You will need to configure Apache with an alias or virtualhost depending on what you want to do.

PostfixAdmin comes with its own extensive install guide that comes zipped in the folder. The setup is very straightforward. Run the setup php script through the browser and this will generate the database and add some admin information so you can begin working on it. Once you have it installed and setup, you will now have a database that can be used by postfix. Now we need to tell postfix to actually use this database. We have already instructed postfix that it will be using these files, so all you will need to do is create the following files and add the content to them.

Note: PostfixAdmin comes with a script to generate these files automatically for you. If you run the script (all documented in the setup notes) it will create the files in /tmp. If you decide to do this, take these files and copy them into /etc/postfix/sql and you will be done. If you don't know how to do this you can create them yourself.

Here are the database files that you need to create and add the content to.

/etc/dovecot/dovecot-dict-quota.conf

driver=mysql
connect=host=localhost dbname=postfix user=postfix password=password
default_pass_scheme=MD5-CRYPT
table=quota
select_field=current
where_field=path
username_field=username

This is everything you need to get dovecot working. Note the UID and GID values are using 2222 which is the same value that was setup for the user and group earlier in the tutorial. Of course please change the username/password/db name for all of the SQL queries for everything.

Final Notes

Everything should now be up and running. Restart everything just to make sure that everything is working fresh and clean.

service postfix restart
service dovecot restart

You should be able to navigate to Postfix Admin in your web browser and work away with managing your web server. I understand that this is an incredibly frustrating part of the setup as there are so many things that can go wrong. I have gathered everything that I have encountered from the times when I have set this up. Hopefully everything went well for you, but if not these resources might help you.

Issue Fixes

Hopefully everything went well, but I know all too well that things never go smoothly. Chances are you have some issues that you have encountered while setting this up. The following resources might help you solve any issues that you might be getting while setting this up.

Mysql Access Denied

This error is a damn nightmare. It can be one of many things to solve and hopefully it's the obvious error that the account you are using has a bad password or does not have the correct permissions to access the database that you are trying to connect to. If you are 100% sure the user has access and can access the database via the command line then it might be an issue with MySQL. The following tutorial may help you get past this issue.

This error has become the bane of email server management for me. I know the cause and I know how to fix it, yet it always seems to take forever to get it right and it seems to break so very easily. Thankfully after a lot of frustration I have found a very easy way to get past the following error.

You have tried granting the user full permissions for everything, you can log in via the command line and nothing appears to be wrong with the user account. I tried all of this too and the problem appears to be the method that MySQL uses to encrypt the passwords. I’m not sure if it's Dovecot that needs to catch up with this or if SQL is acting up. Either way you can fix this error with the following command.

SET PASSWORD FOR 'postfix'@'localhost' = OLD_PASSWORD('password');

This will alter the password hash for the user account using the older hashing method. I'm not really sure of the big details of this, but all I know for sure is that it fixed the issue for me.

Of course this might not be the cause of your error. It might be a simple fact that the login is incorrect or that the user does not have the correct permissions to view the database. However it goes, hopefully this helps and you can get over this issue as easy as possible.

This guide is going to work off the assumption that you already have a functional email server running with Postfix on your server. This guide will show you how to set up OpenDKIM with Postfix on a Linux server.

yum install epel-release
yum install opendkim

Now that opendkim is installed, you need to generate the dkim keys that you need to use to sign the emails with. There are multiple ways to do this. You can do it through the command line or you can use this service http://dkimcore.org/tools/keys.html.

mkdir /etc/opendkim/keys/example.com
chown -R opendkim:opendkim /etc/opendkim/keys/example.com
touch /etc/opendkim/keys/example.com/default

Open up this directory and open the file called “default”. Paste your private key into this file. For safe keeping you could also create another file called “public.txt” and pop the public key into this file so you can access it in the future if you need it.

Sometimes default permissions don't get set correctly. In the event that this happens run the following. There is no harm in running these commands anyway.

chown -R opendkim:opendkim /etc/opendkim
chmod -R go-wrx /etc/opendkim/keys
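A check for the permissions step above, as an added example that is not part of the original guide: it walks the key directory and reports anything that group or other can still reach (the bits `chmod go-wrx` clears) or that is not owned by the expected user. The function name and the default path handling are assumptions of this example.

```python
import os
import pwd
import stat
import sys

GROUP_OTHER = stat.S_IRWXG | stat.S_IRWXO  # the bits `chmod go-wrx` clears

def audit_key_tree(root, owner_uid=None):
    """Return sorted (path, problem) pairs for everything under root.

    Flags entries group/other can reach and, when owner_uid is given,
    entries not owned by that uid (the opendkim user in this guide).
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            if os.path.islink(path):
                findings.append((path, "symlink, check its target by hand"))
                continue
            st = os.stat(path)
            mode = stat.S_IMODE(st.st_mode)
            if mode & GROUP_OTHER:
                findings.append((path, f"mode {mode:04o} allows group/other"))
            if owner_uid is not None and st.st_uid != owner_uid:
                findings.append((path, f"owned by uid {st.st_uid}"))
    return sorted(findings)

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/etc/opendkim/keys"
    try:
        uid = pwd.getpwnam("opendkim").pw_uid
    except KeyError:
        uid = None  # no opendkim account on this host: skip the owner check
    problems = audit_key_tree(root, uid)
    for path, problem in problems:
        print(f"{path}: {problem}")
    sys.exit(1 if problems else 0)
```

Run it as root after the chown/chmod commands; an empty report and exit status 0 mean the private keys are only reachable by their owner.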

Open up “/etc/opendkim.conf” and replace everything with the following

AutoRestart Yes
AutoRestartRate 10/1h
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
LogWhy Yes
Mode sv
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
SigningTable refile:/etc/opendkim/SigningTable
Socket inet:8891@localhost
Syslog Yes
SyslogSuccess Yes
TemporaryDirectory /var/tmp
UMask 022
UserID opendkim:opendkim

You now need to add a key to the KeyTable. This file is located at /etc/opendkim/KeyTable

Had a look around online and couldn't find any decent SMTP plugin for sending and receiving emails through WordPress. Seems like it makes a lot of people angry for WordPress to do such a thing, which seemed odd, so I decided to start working on one myself.

The goal of this plugin is to add the following functionality to the WordPress dashboard.

Send Emails

Receive Emails

Log into any user inbox using the SMTP server's user authentication.

Create WP database to log emails and better manage them.

Parse and display any email information.

Setup email blasts for newsletters.

Basic spam filter

Adminbar notifications for unread emails.

The WordPress side of things is the easy part so I have put the effort into extracting the emails from the IMAP server from a WordPress plugin. It took quite a bit of work to get this to display any useful information, but after a while I started to make some good progress on this. Using a Linux server with Postfix and Dovecot installed as the SMTP and IMAP servers I was able to use PHP to pull the latest emails for an individual user.

Here is the base inbox page that lists the latest emails. This is going to need major touch ups to style, but I want to get the functionality working smooth before making it look pretty.

WordPress Email Inbox

This inbox page is a bit messy, but it's working! The next thing was to be able to view the actual email body. This is also crazy messy, but it works and that's all that matters for the moment. I have listed the emails and dumped the email body below. Attachments still don’t show up, but the core components are correctly displaying.

Received Emails With Body

The next stage to this would be making this a little more user friendly so emails can be read much better. I will create individual “view email” pages that will display the email and hopefully any attachments. I will work on adding controls to this page that will allow for replies, forwarding, attachments etc.

I do see some potential issues in the future with this. While it is working perfectly on my server, I am not confident it's going to work straight up on another server that’s running a different operating system/mail server. Once I have a stable version of the plugin I will try to get a few people to test this out on various servers. I will work on creating a quick setup tool that will try to test various config options in order to determine which one will work best for the particular system. The install of php-imap and mail servers are requirements in order to make this work.

I’m very surprised this hasn’t been done in the past. WordPress is a CMS, but with the evolution of the web I for one would like to have everything related to my website kept in one area. Why go to a Roundcube install or anything else when you can just do everything that you need to do within WordPress?

Reverse DNS is a common method used to help keep your emails out of the dreaded spam filters. Fortunately, once you know how, reverse DNS is a quick and easy way to improve the trustworthiness of your emails. Reverse DNS alone is not enough to guarantee that your emails will successfully make it to a user's inbox, but it's a quick and easy way to start. I suggest you look at DKIM keys after you have this completed as these will also greatly help you out. Click here for a guide on setting up DKIM keys for emails.

So first things first. Where do you go to set this up?

Most people think that it’s the job of your domain registrar (e.g. GoDaddy) to do this, but this is not the case. Your hosting provider is responsible for this. If you are using a shared host, you may not have access to do something like this. Generally, to have a reverse DNS record your website will need to have its own dedicated IP address and not be shared as a virtual host on a server somewhere. If you are unsure about this, get in touch with the company that hosts your website and they will help you out further.

If you have your own server, be it VPS, dedicated or some other system, you should be able to set this up very easily. When you register for an account you will be given an IP for your server. This is the IP that you enter for your domain name in GoDaddy or whatever domain registrar you use. This means that domain.com will map to the IP address of your server. Reverse DNS is making sure that that same IP address reverse maps back to your domain name.

Start by logging into whatever management system your host has provided for you. If you don’t have one then get in touch with the host and they will tell you where to find the form. Generally there will be a simple form and you can just type the name of the domain into a box and after a few minutes, the IP of your server will map back to your name. It’s a very simple yet effective thing to do to combat the spam filter war!
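To confirm the record took effect, the round trip described above (IP to name, then name back to the same IP) can be checked with a short script. This is an added example, not part of the original post; the function names are assumptions, and the sample records use the documentation address range rather than real hosts.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver ([] when there is none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def system_addrs(host):
    """Addresses host resolves to ([] when it does not resolve)."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})
    except OSError:
        return []

def check_reverse_dns(ip, mail_host, ptr=system_ptr, addrs=system_addrs):
    """Return a list of problems; an empty list means IP -> name -> IP agrees."""
    ip = str(ipaddress.ip_address(ip))
    names = [n.rstrip(".").lower() for n in ptr(ip)]
    if not names:
        return [f"no PTR record at {ipaddress.ip_address(ip).reverse_pointer}"]
    problems = []
    want = mail_host.rstrip(".").lower()
    if want not in names:
        problems.append(f"PTR is {', '.join(names)}, expected {want}")
    for name in names:
        if ip not in addrs(name):
            problems.append(f"{name} does not resolve back to {ip}")
    return problems

# Constructed sample records (documentation address range, not real hosts).
SAMPLE_PTR = {
    "203.0.113.25": ["mail.example.com."],
    "203.0.113.26": ["host26.provider.example."],
    "203.0.113.28": ["mail.example.com."],
}
SAMPLE_A = {
    "mail.example.com": ["203.0.113.25"],
    "host26.provider.example": ["203.0.113.26"],
}

def sample_check(ip, mail_host="mail.example.com"):
    """Run the check against the constructed records instead of live DNS."""
    return check_reverse_dns(ip, mail_host,
                             ptr=lambda i: SAMPLE_PTR.get(i, []),
                             addrs=lambda h: SAMPLE_A.get(h, []))

if __name__ == "__main__":
    for ip in SAMPLE_PTR:
        print(ip, sample_check(ip) or "ok")
```

Against a live server, call `check_reverse_dns()` with your server's IP and mail hostname and leave the two lookup arguments at their defaults.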

DomainKeys Identified Mail (DKIM) is a process used to validate emails, preventing someone from sending spam email using an unauthorised email address. The process works using a pair of keys: a public key, which is made available to the public, and a private key, which only you / your web server will know. When you send an email, your server signs it with the private key and attaches the signature to the email; the private key itself never leaves the server. When Gmail or any other mail server gets the email, it checks that signature against the public key that you have made available via your DNS zone file. DKIM is one useful method to prevent your emails ending up in spam folders.

Setting up DKIM for your web server may seem like it is incredibly complicated and there is no denying it sucks! But as long as you have some experience working with a web server and have access to everything needed, you should be able to get this set up. To make life as easy as possible I will break this down into a series of individual steps.

Step 1 – Generate a private and public key
Creating your public and private keys is less complicated than you might think. SSL keys can be generated by any machine; you don’t have to register for an account anywhere or set up anything special. You simply download an application and it will generate the keys for you. It’s best to do this on your own machine rather than use an online service, as you don’t know if the online service could be saving these keys.

So to create the keys you will need to download a command line SSL tool. You can find a download link here http://slproweb.com/products/Win32OpenSSL.html . Download and install this tool. In order to run it you will need to open up a command shell window (command prompt) in administrator mode if you are running Windows Vista or newer.

When in a command window run the following commands. You might need to give the direct path of the .exe file in order for the command to work. This will generate 2 files (rsa.private and rsa.public) in whatever folder you are currently in. It will be best to change directory to the desktop or the root of the C drive in order to get at these files quickly.

openssl genrsa -out rsa.private 1024
openssl rsa -in rsa.private -out rsa.public -pubout -outform PEM

You now have a public and private key!

Step 2 – Add DNS records
The DNS record is where you are going to store the public key. When Gmail gets an email from your server it will check the DNS record for the domain and see if there is a key available. If there is one, it will contain the public key, which Gmail can use to verify the signature that was sent with the email.

This part of the guide will depend on where your DNS zone file is hosted. For most people GoDaddy will likely be the place where the zone file is hosted. If you don’t use GoDaddy then you will have to find out how to edit your zone file. This is a very important file, so if you don't know how to edit it you will have bigger issues than setting up domain keys.

You need to add 2 TXT records to your zone file. I wanted to create a record for a noreply email address so that my server could send out emails to users automatically and the emails would make it to the inbox folder and not the spam folder.

Add the following data to the Host and TXT fields of your zone file.

Host: _domainkey.yomotherboard.com
TXT: o=~; r=noreply@yomotherboard.com

Host: mainkey._domainkey.yomotherboard.com
TXT: k=rsa; p=PUBLICKEY HERE

NOTE!! Make sure the public key is one long string without any whitespace or line breaks. The SSL tool will generate the file with line breaks so make sure you remove them all and make it one long file.

Save these changes and in an hour or so (up to 48 hours on a bad day) this TXT record will be live.
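The flattening described in the note above can be scripted. This added example (not from the original post) turns the PEM file from Step 1 into the value for the mainkey record; it goes beyond the post by splitting values longer than 255 bytes into several TXT strings and by reporting the RSA key size. All function names are assumptions, and the sample key is constructed around a dummy modulus so the script runs without OpenSSL.

```python
import base64

def p_value(pem):
    """Drop the PEM armour and every line break: the one-line p= value."""
    lines = (line.strip() for line in pem.strip().splitlines())
    b64 = "".join(l for l in lines if l and not l.startswith("-----"))
    base64.b64decode(b64, validate=True)  # raises if non-base64 text remains
    return b64

def _tlv(buf, pos):
    """Return (value_start, value_end) of the DER element at pos."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def rsa_bits(b64):
    """Modulus size of the SubjectPublicKeyInfo that `-pubout` writes."""
    der = base64.b64decode(b64)
    start, _ = _tlv(der, 0)          # outer SEQUENCE
    _, alg_end = _tlv(der, start)    # AlgorithmIdentifier, skipped
    start, _ = _tlv(der, alg_end)    # BIT STRING
    start, _ = _tlv(der, start + 1)  # skip unused-bits byte, enter RSAPublicKey
    start, end = _tlv(der, start)    # INTEGER modulus
    return int.from_bytes(der[start:end], "big").bit_length()

def txt_record(selector, domain, pem):
    """Return (host, txt_strings, warnings) for the selector record."""
    b64 = p_value(pem)
    value = f"k=rsa; p={b64}"
    # One TXT string holds at most 255 bytes; a longer value is published as
    # several quoted strings, which the verifier joins with nothing between.
    strings = [value[i:i + 255] for i in range(0, len(value), 255)]
    bits = rsa_bits(b64)
    warnings = []
    if bits < 2048:
        warnings.append(f"{bits}-bit RSA key; RFC 8301 recommends at least 2048")
    return f"{selector}._domainkey.{domain}", strings, warnings

def _der(tag, body):
    size = len(body).to_bytes(2, "big").lstrip(b"\0")
    head = size if len(body) < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

def constructed_pem(bits):
    """Constructed sample: valid SPKI layout around a dummy modulus, not a real key."""
    modulus = b"\x00" + b"\xc3" * (bits // 8)
    rsa = _der(0x30, _der(0x02, modulus) + _der(0x02, b"\x01\x00\x01"))
    alg = _der(0x30, bytes.fromhex("06092a864886f70d0101010500"))
    b64 = base64.b64encode(_der(0x30, alg + _der(0x03, b"\x00" + rsa))).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n"

if __name__ == "__main__":
    host, strings, warnings = txt_record("mainkey", "yomotherboard.com", constructed_pem(1024))
    print(host, " ".join(f'"{s}"' for s in strings), warnings)
```

For a real key, pass the contents of rsa.public to `txt_record()` in place of `constructed_pem()`.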

Step 3 – Signing emails with the private key
This part very much depends on your programming language and the email client you are using with that programming language.

So for example if you are using PHPMailer, you can set up signing with the private DKIM key by adding the following lines to your code.

$mail->DKIM_domain = "nerdburglars.net";
$mail->DKIM_private = "rsa.private"; // path to file on the disk.
$mail->DKIM_selector = "mainkey"; // change this to whatever you set during step 2
$mail->DKIM_passphrase = "";
$mail->DKIM_identity = $mail->From; // PHPMailer's property for the signing identity

So this is it, you are finished! Not so bad, right? It may take a while for the updates to show up since DNS zone file changes can take a while to update across the internet, but once they do you will be all set with DKIM keys correctly set up for your emails. Remember that this is only 1 method of improving the odds of your emails not ending up in a spam folder, but doesn’t guarantee it. You may also need to set up a reverse lookup in order to make yourself 100% safe.